Protecting the integrity of the training procedure of neural networks
Due to significant improvements in performance in recent years, neural networks are currently used for an ever-increasing number of applications. However, neural networks have the drawback that their decisions are not readily interpretable and traceable for a human. This creates several problems, for instance in terms of safety and IT security for high-risk applications, where assuring these properties is crucial. One of the most striking IT security problems aggravated by the opacity of neural networks is the possibility of so-called poisoning attacks during the training phase, where an attacker inserts specially crafted data to manipulate the resulting model. We propose an approach to this problem which allows provably verifying the integrity of the training procedure by making use of standard cryptographic mechanisms.
May-14-2020
- Country:
- North America
- United States
- Nevada > Clark County
- Las Vegas (0.04)
- Hawaii > Honolulu County
- Honolulu (0.04)
- California
- San Diego County > San Diego (0.04)
- Santa Barbara County > Santa Barbara (0.04)
- Nevada > Clark County
- Canada > Quebec
- Montreal (0.04)
- United States
- Europe > Germany
- North Rhine-Westphalia > Cologne Region > Bonn (0.04)
- North America
- Genre:
- Research Report (0.40)
- Industry:
- Information Technology > Security & Privacy (1.00)
- Technology: